Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use,
ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Email Address:

We never sell or give out your contact information.
We respect our readers' privacy.

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Security deserves all of the attention you can spare, and it never hurts to revisit the fundamentals, in part because the cost of lagging security measures is so high. After all, it’s more than likely that your organization will face a breach, as almost 90% of healthcare organizations experienced at least one breach within the past two years, according to a Poneman Institute study done earlier this year.

Here’s some options to consider when tightening up your security operations, courtesy ofHealthcare IT Leaders, whose suggestions include the following:

Hire white hat hackers: Mayo Clinic reportedly tried this a few years ago, and learned a great deal. While its security measures seem to have gotten something of a beatdown, the Clinic also found a bunch of security holes and got recommendations on how to close those holes.

Lock down employee mobile devices: As mobile technology increasingly becomes a key part of your infrastructure, it’s important to keep it secured – but that can be tough when employees own the phone. One question to ask is whether your IT could lock or wipe data from employee phones and tablets if need be. What are your legal options for securing critical data on employee-owned devices?

Review medical device security: Networked medical devices – from respirators and infusion pumps to MRI scanners – increasingly pose security threats, as any device that receives and transmits data can be a target for attackers. It’s critical to audit these devices, while setting careful security standards for device makers.

Train staff on security issues: Often, breaches are due to human error, so it’s critical to educate non-IT employees on the basics of security hygiene. Offering basic security training should cover not only cover ways to avoid security breakdowns – such as avoiding generic or default passwords and phishing e-mails — but also explanations of how such breaches affect patients.

Encourage risk reporting: According to Poneman, almost half of healthcare organizations discovered a breach through an employee within the past two years. What’s more, nearly one-third of data breaches came to light due to patient complaints. It’s smart to encourage these reports, as IT staff can’t have eyes everywhere.

Disable laptop cameras and microphones: Laptops generally come with a webcam and microphone, but at least in an enterprise setting, it may be better to disable these functions. Why? For one thing, attackers may be able to listen to private conversations through the microphone.

As I see it, the bottom line on all of these activities is to infuse security thinking into as many IT interactions as possible. It may be trite to talk about a culture of security (it’s easier said than done, and too many organizations make empty promises) but such a culture can actually make a big impact on your security status.

To have the biggest impact, though, that culture has to extend all the way to the C-suite, and unfortunately, that rarely seems to happen. When I read research on how often healthcare organizations underspend on security, it seems pretty clear that many senior execs don’t take this issue as seriously as that should. And if the staggering level of health data breaches happening lately isn’t enough to scare them straight, I don’t know what will.

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Healthcare Scene recently sat down with Nancy Hannan, Philips Relationship Director at Augusta University Health System (formerly known as Georgia Regents) to talk about their alliance with Philips Healthcare and the impact it’s had on their healthcare organization.

Along with talking about the benefits and challenges of creating a long term contract with a healthcare IT vendor, we also dive into the details of how medical device standardization has impacted their organization. Not to be left out, we also talk about how this relationship has impacted patients and doctors. If your organization is looking at how to standardize your medical equipment, this interview will give you some insight into creating a long term alliance with your vendor.

In the second part of my interview with Nancy Hannan, Philips Relationship Director at Augusta University Health System (formerly known as Georgia Regents) we discuss how they’re taking the lessons learned from the Philips alliance and applying them to their agreement with Cerner. We also talk about how cybersecurity is better having a vendor representative on site like they have with Philips.

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Over the decade or so I’ve been writing about HIEs, critics have predicted their death countless times – and with good reason. Though their supporters have never backed down, it’s increasingly clear that the model has many flaws, some of them quite possibly fatal.

One is the lack of a sustainable business model. Countless publicly-funded HIEs, jumpstarted by state or federal grants, have stumbled badly and closed their doors when the funding dried up. As it turns out, it’s quite difficult to get hospitals to pay for such services. Whether this is due to fears of sharing data with the competition or a simple reluctance to pay for something new, hospitals haven’t moved much on this issue.

Another reason HIEs aren’t likely to stay alive is that none can offer true interoperability, which diminishes the benefits they offer. Admittedly, some groups won’t concede this issue. For example, I was intrigued to see that DirectTrust, a collaborative embracing 145 health IT and provider organizations, is working to provide interoperability via Direct message protocols. But Direct messaging and true bilateral health information exchange are two different things. (I know, I’m a spoilsport.)

Yet another reason why HIEs have continued to struggle is due to variations in state privacy rules, which add another layer of complexity to managing HIEs. Simply complying with HIPAA can be challenging; adding state requirements to the mix can be a big headache. State laws vary as to when providers can disclose PHI, to whom it can be disclosed and for what purpose, and building an HIE that meets these requirements is a big deal.

Still, given that MACRA demands the industry achieve “widespread interoperability” by 2018, we have to have something in place that might work. One model, proposed by Dr. Donald Voltz, is to turn to a middleware solution. This approach, Voltz notes, has worked in industries like banking and retail, which have solved their data interoperability problems (at least to a greater degree than healthcare).

Voltz isn’t proposing that healthcare organizations rely on building middleware that connects directly to their proprietary EMR, but rather, that they build an independent solution. The idea isn’t incredibly popular yet — just 16% of hospital systems reported that they were considering middleware, according to Black Book – but the idea is gaining popularity, Voltz suggests. And given that hospitals face continued challenges in integrating new inputs, like mobile app and medical device data, next-generation middleware may be a good solution.

Other possible HIE alternatives include health record banks and clearinghouses. These have the advantage of being centralized, connected to yet independent of providers and relatively flexible. There are some substantial obstacles to substituting either for an HIE, such as getting consumers to consistently upload their records to the record banks. Still, it’s likely that neither would be as costly nor as resource-intensive as building EMR-specific interoperability.

That being said, none of these approaches are a pushbutton solution to data exchange problems. To foster health data sharing will take significant time and effort, and the transition to implementing any of these models won’t be easy. But if the existing HIE model is collapsing (and I contend this is the case) hospitals will need to do something. If you think the models I’ve listed don’t work, what do you suggest?

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Earlier this month, a Texas hospital was hit with a particularly loathsome virus. Leaders at Mount Pleasant, Tx.-based Titus Regional Medical Center found out on January 15 that a “ransomware” virus had encrypted files on several of the medical center’s database servers, blocking access to EMR data as well as the ability to enter data into the system.

In this kind of attack, the malware author demands a financial ransom to be paid for freeing up the data. TRMC didn’t disclose how much money the attacker(s) demanded, but it may have been an immense sum, because the hospital apparently thought that bringing in pricey security consultants and enduring several days of downtime was preferable to paying up. Although, they also probably realized the slippery slope of paying the ransom and also there’s no guarantee those receiving the ransom money will actually permanently fix the problem.

It would be nice to think that this was just a passing fad, but researchers suggest that it’s not. In fact, US victims of ransomware reported losses of more than $18 million in 14 months, according to an FBI report issued in June.

According to one news report, the average ransomware demand is about $300 per consumer. The amount demanded goes up, however, when business or government organizations are involved. For example, when a series of small police departments in Massachusetts, New Hampshire and Tennessee were hit with a ransomware attack tying up their key databases, they ended up paying between $500 to $750 to get back access to their data. One can only imagine what a savvy intruder familiar with the life-and-death demand for health information would charge to free up an EMR database or laboratory information system data store.

But the threat isn’t just to enterprise assets. Not only are hospital enterprise network attacks via ransomware likely to increase, these exploits could take place via wearables or medical devices in 2016, according to technology analyst firm Forrester Research. Such attacks don’t just use medical devices to reach databases; Forrester predicts that some ransomware attacks will disable the medical devices themselves.

Given how important mobile technology has become to healthcare, it’s worth noting that ransomware is increasingly targeting mobile devices as well. For example, a recent strain of Android virus known as Lockdroid ransomware is now afoot. While it has no direct healthcare implications, one of the things it does is threaten to send a user’s browsing history to friends and family unless they pay the ransom. The victim, who may get tricked into allowing malicious code to gain admin privileges on their device, could end up having their personal data — and perhaps data from an EMR app — sent wherever the attacker chooses.

It seems to me that the ransomware threat will push healthcare organizations to mirror their core data assets in new and heretofore unheard of ways. HIT departments will have to bring disaster recovery methods and network intrusion defenses to prevent the worst possible outcome — a hack that kills one or more patients — and quickly. Meanwhile, if a company specializing in protecting healthcare firms from ransomware doesn’t exist yet, I suspect one will exist by the end of 2016.

The following is a guest blog post by Kevin Phillips, Vice President – Marketing and Product Management at CapsuleTech.

When it comes to medical devices, most people think of patient monitoring and physiologic data such as HR, SPO2, respiration rate waveforms and physiologic alarms. But there’s a lot more “under the hood” of a device – a lot more than just physiologic data that, when applied in new ways, can contribute to patient safety efforts and help with operational efficiencies.

Under the hood are three types of data. The first, and most often understood and used, is patient data that provides information on the physiologic status of the patient; a snapshot, if you will, of a patient’s condition at a given moment in time. The second type of data is treatment details. These details provide a comprehensive view of treatments being administered to a patient, and include the names of drugs or anesthetic agents, drug concentration, the volume to be infused, or volume of air being delivered via a ventilator. The third type of data is about the devices themselves. This information includes not only modes of operation, technical alarms, and battery level, but also data, such as firmware versions and unique device identifiers, that is useful to the clinical engineers responsible for maintaining these devices.

Of course, all of this data is meaningless without context. This “contextual device data” can be added by external systems such as an EMR or by Capsule’s SmartLinx Medical Device Information System®. We define context as key information for each device: how the device is being used; where it is located; to which patient it is connected; and the identity of the primary clinician responsible for this patient. We also want to know information about the device itself including its unique device identifier, synchronized time (e.g. measurement time, device time, and NTP server time). Last, of course, are the clinical observations of the patient.

Today, only a fraction of this data…maybe 10%…is being used by a hospital; what is being used is typically only that data specified by the hospital by its EMR. And while not all of the remaining 90% of the data is useable in some cases, there is a fair amount of significant value if mined and delivered to the appropriate system or user when it is needed. Some examples include:

Alarm Management Systems – Well-documented patient safety risks posed by the failure to adequately address medical device alarms management by publications such as ECRI has led the Joint Commission to create a National Patient Safety Goal. This goal requires all hospitals to have a policy in place to manage alarms appropriately by 1/01/2016. This has driven a demand for medical device data like near real-time notification of high priority physiologic and technical alarms from each device. The art to these data integrations is close collaboration to deliver the proper alarms so not to overwhelm the clinician with nuisances (low priority alarms).

Device utilization – While solutions exist to help identify the location of expensive, high-maintenance devices, determining which devices are in use is difficult. Providing timely and appropriate device data to biomedical teams can ensure optimal device management, use and health, easing patient throughput and contributing to patient safety and care.

Clinical Decision Support Systems – Whether hospitals have created their own algorithms or purchased a turn-key solution, CDSS’s require high frequency physiologic medical device measurements to properly power their specific algorithms to enable them to identity patients at risk of sepsis or deterioration.

Asset Management – While asset-tracking solutions can help identify the current location of devices, determining which devices are in use or underutilized is difficult. Devices offer a range of built-in operational checks, or support remote monitoring to ensure device readiness and status of any required supplies. The availability of this data to biomedical teams will ensure optimal device management and health, easing patient throughput and boosting patient safety and care.

So what’s under the hood of all of your medical devices? Probably a whole lot more that you ever imagined that can be of immense value throughout your hospital. Why don’t you take a look today to see what value can be derived.

About Kevin PhillipsKevin Phillips is the Vice President – Marketing and Product Management at CapsuleTech with over 10 years of experience in various roles within the healthcare, medical device and diagnostic industries. His career has been focused on new product development, product marketing, market analysis, strategic alliances, corporate operations, and sales. Prior to joining Capsule, Mr. Phillips held positions at TransMedics and PathoGenetix (formerly US Genomics). His career has been focused on new product development, product marketing, market analysis, strategic alliances, corporate operations, and sales.

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of the advantages of devices is that they’re really good at collecting vast amounts of data. One of the problems we have in healthcare is that our medical devices collect a lot more healthcare data than we actually use. It’s too bad since no doubt there is a lot more benefit we could receive from all the medical device data we’re collecting.

This point was really driven home when I saw the infographic below from Capsule which looked at The Power of Medical Device Data. Take a look and see what I mean and then ask yourself, how could we better use medical device data?

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

While many new telehealth plays are rapidly gaining ground, the previous generation may be outliving its usefulness. That may be the message one can take from one giant German conglomerate’s decision to shut down its U.S. telemedicine division.

Robert Bosch GmbH recently announced that it would shut down its U.S. telehealth unit, Robert Bosch Healthcare Systems, which makes business-to-business telemedicine systems. Its offerings include patient interfaces, software and platforms.

You may never have heard of this healthcare company, nor of its massive corporate parent Robert Bosch GmbH, but it’s part of a very large conglomerate with virtually infinite resources.

As it turns out, Bosch is a massive firm which competes with market leaders like GE and Siemens. Robert Bosch GmbH, which has existed since 1886, has more than 350 subsidiaries across about 60 countries and employs about 306,000 people. (I could share more, but I’m sure you get the idea.)

While the failure of one company’s telemedicine strategy doesn’t necessarily mean death for all similar plays, it does suggest that the nimble smaller firms may have more of an advantage than it appears.

Bosch Healthcare was actually way ahead of the market with its offerings, which included remote monitoring tools such as a touch-screen device for home use after hospital discharge and a family of mHealth tools aimed at chronic care management.But they appear to have been held back by proprietary technologies in a market that demands cheap and easy.

Ultimately, the end came when the parent company wasn’t happy with how the telehealth division was performing financially, and decided to cut and run. A statement from the company said that Bosch plans to shift its medical focus to sensor technologies to support improved diagnostics.

It’s hardly surprising that a company Bosch’s size would fail to keep up with the marketplace, given its size. No matter how smart the division’s 125 employees were, they were probably saddled with big company politics which prevented them from making big changes. Not to mention low priced tablets appeared and created a low cost competitor.

The question is, will other large players follow Bosch’s lead? It will be worth noting whether other large companies cede the telehealth market to small and emerging entrants as well. It’s not a no-brainer that this will happen; after all, there’s billions to be made here. But they may actually be wise enough to know when they’re ill-equipped to proceed.

I’ll be particularly interested to see what strategies existing health IT players adopt toward telehealth. It’s unclear how they’ll react to rising consumer and professional interest in telehealth technology, but whatever they do it will probably be worth analyzing.

That being said, with smaller companies out there breaking new ground with next-gen telemedicine apps and tools, they’re probably going to be in the unusual position of playing catch up. And in this case, slow and steady may not win the race.

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Here’s some research which suggests that a lack of “medical grade” digital health tools is perhaps the final obstacle holding healthcare back adopting them full scale — and reaping the benefits.

The scant number of digital health solutions the FDA has already approved has already had a meaningful impact, generating $6 billion in cost savings last year courtesy of improved med adherence, fewer ED visits and digitally-supported behavior changes, Accenture reports.

But that’s just a drop in the bucket, if Accenture is right. The consulting firm expects our health system to save $10 billion this year thanks to use of such devices. And then, as the FDA approves more digital health technology, the savings figure should make dramatic jumps over the next few years, hitting $18 billion in ’16, $30 billion in ’17 and $50 billion in ’18.

What’s intriguing about these numbers is that they assume each FDA approval will seemingly generate not only more savings, but also a cumulative “whole is greater than the sum of its parts” effect.

After all, in raw numbers, the number of devices Accenture is relying on to achieve this effect is small, from 33 approved last year to 100 by the end of 2018. In other words, 67 devices will help to generate an additional $44 billion in savings.

That being said, what makes Accenture so sure that the ever-so-slow FDA will approve even 70-odd devices over the next few years?

* Provider demand: At present, about one-quarter of U.S. doctors “routinely” use tele-monitoring devices for chronic disease management, researchers found. As hospitals and medical practices look to integrate such solutions with their core EMR infrastructure, they’ll look to please providers who want digital health tech they can trust.

* Regulatory conditions: With FDA guidelines in place specifying when wellness tools like heart rate monitors become health devices, it will be easier for the FDA to speed up the process of digital health technologies, Accenture predicts. This should support 30% annual growth of such solutions through 2018, the study found.

* Consumer health tracking: Consumer demand for health tracking devices, especially wearables, should continue its rapid expansion, with the number of consumers owning a wearable fitness device to double from 22% this year to 43% by 2020, according to the consulting firm.

While Accenture doesn’t address the impact of digital health tech that doesn’t get FDA approval, there’s little doubt that it too will have a significant impact on both health outcomes and cost savings. Ultimately, though, it could be that it will take an FDA seal of approval to get widespread adoption of such technologies.

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

The following story offers some tidbits on how new technologies, some EMR-based and some offering independent forms of patient monitoring, are popping up in hospitals. I found the technologies profiled to be quite interesting and I think you will too.

According to a new piece in The Wall Street Journal, U.S. hospitals have begun to test wireless monitoring systems to track the condition of potentially unstable patients, such post-surgical patients or those on narcotic meds that can suppress breathing. The new technology is most popular on med/surg units where patients aren’t generally monitored 24/7 for changes that can prove fatal.

One approach hospitals are adapting is a wireless monitor which is placed under a mattress and tracks patients’ breathing and heart rate. The monitors, which were developed by an Israeli firm called EarlySense, also lets nurses know when patients get out of bed and when to turn them to avoid bed sores. According to the WSJ, EarlySense costs between $80,000 to $200,000 for a 30-bed unit; prices vary depending on how big the hospital is and how many features the product includes.

Academic research is already suggesting that such monitors can make a significant impact on patient care in hospitals. One study appearing in the American Journal of Medicine last year found that use of the wireless monitors was correlated with both shorter stays and a lower rate of code blue events as compared to units that didn’t use the monitors.

Another technology, software known as the Rothman Index, cross-references 26 variables in medical records and uses them to score a patient on a scale from 1 to 100, with lower scores suggesting that the patient needs to be watched more closely or receive immediate help. The software, which costs roughly $150,000 for a 300-bed hospital, places updated scores regularly on a graph. Some 70 hospitals already have the software in use.

The University of Pittsburgh Medical Center children’s hospital will soon join that number, rolling out a pediatric version of the Rothman Index software in June. UPMC, which has always invested heavily and inventively in new HIT approaches, chose to implement the new software after a research study appearing in Pediatric Critical Care Medicine found that it could effectively supplement staffs’ effort to track kids.

Yet another technology, used at Brigham and Women’s Hospital in Boston, rates patients’ risk of developing serious problems in real time, by analyzing patterns found in lab results, vital signs and nurses’ assessments gathered from EMRs.

Regardless of how you slice it, it’s clear that hospitals are poised to make big leaps in how they monitor patients on the verge of destabilization. This looks like a very promising set of approaches.

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Mobile health apps and hardware offer intriguing possibilities, though it’s hard for providers to tell what models and methods of use are going to stand out. Clearly, mHealth is going to change the way care is delivered, and how patients take part in that care, but how?

Here’s a tidbit from McKesson that might offer some useful insight. The infographic, which draws on data from The Economist Intelligence Unit, predicts that mHealth is moving from providing consumer information to driving patients’ involvement in their own care.

One of the more interesting details in this chart is the prediction that within five years, the percentage of people using mHealth apps to share information will fall from an already-low 17% to 14%.

I was also intrigued by the notion that the number of people using mHealth to gain social support will rise from 17% now, rise to 26% then fall to 13%. Does this suggest that consumers will shift communications styles back to more face-to-face channels of support? That they’ll rely on some technology or model that hasn’t been invented yet?
It’s something to consider.